cyclonedx-cli
When outputting to an existing file, it is not truncated
While running dev-tests with different builds of the tool, I got invalid JSON files that looked like this (at the point where the parser reading them back complained):
```json
...
    {
      "ref": "pkg:maven/io.cucumber/[email protected]?type=jar",
      "dependsOn": [
        "pkg:maven/io.cucumber/[email protected]?type=jar",
        "pkg:maven/io.cucumber/[email protected]?type=jar"
      ]
    },
    {
      "ref": "pkg:maven/io.cucumber/[email protected]?type=jar",
      "dependsOn": [
        "pkg:maven/io.cucumber/[email protected]?type=jar"
      ]
    }
  ]
}ent": "3f135e04c0bd0db2f5f00b3221aab2dc968051427324b6f037c7de75cce388eabb13ef27943e17b8646640cbfd908325d099b641d1c19a29b609db8a083324fa"
      }
    ],
    "licenses": [
      {
        "license": {
          "id": "Apache-2.0"
        }
      }
    ],
```
Digging a bit more into this, the culprit seems to be here:
https://github.com/CycloneDX/cyclonedx-cli/blob/5de8d19b2b678da8a04bd6dba38cdae26ef4347f/src/cyclonedx/CliUtils.cs#L157
According to https://stackoverflow.com/questions/3653132/file-openwrite-appends-instead-of-wiping-contents, File.Create() should be used instead of File.OpenWrite(), which here (mis)behaves correctly according to its spec.
This is actually a duplicate of https://github.com/CycloneDX/cyclonedx-cli/issues/255, for which I have submitted a PR as well (https://github.com/CycloneDX/cyclonedx-cli/pull/315), but it hasn't been approved.
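An added example, not code from cyclonedx-cli, that reproduces the failure mode described above (a shorter BOM written over a longer one with File.OpenWrite()) next to the File.Create() fix; it assumes .NET 6 or later and constructs its own two sample BOM strings:

```csharp
// Added example, not part of cyclonedx-cli. Assumes .NET 6 or later.
using System;
using System.IO;
using System.Text.Json;

static class TruncateDemo
{
    // What the issue describes: File.OpenWrite opens with FileMode.OpenOrCreate,
    // so bytes of an existing file beyond the new content are left in place.
    public static void WriteWithOpenWrite(string path, string content)
    {
        using var writer = new StreamWriter(File.OpenWrite(path));
        writer.Write(content);
    }

    // The proposed fix: File.Create opens with FileMode.Create, which
    // truncates an existing file before writing.
    public static void WriteWithCreate(string path, string content)
    {
        using var writer = new StreamWriter(File.Create(path));
        writer.Write(content);
    }

    // Parses the file back, as the CLI would when reading a BOM.
    public static bool IsValidJson(string path)
    {
        try { using var doc = JsonDocument.Parse(File.ReadAllText(path)); return true; }
        catch (JsonException) { return false; }
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "bom-truncate-demo.json");
        // Constructed sample BOMs: the second is shorter than the first.
        string longBom = "{\"components\":[{\"name\":\"a\"},{\"name\":\"b\"}]}";
        string shortBom = "{\"components\":[]}";

        WriteWithOpenWrite(path, longBom);
        WriteWithOpenWrite(path, shortBom);
        // The tail of longBom survives after shortBom's closing brace.
        Console.WriteLine($"OpenWrite: {File.ReadAllText(path)} valid={IsValidJson(path)}");

        WriteWithCreate(path, longBom);
        WriteWithCreate(path, shortBom);
        Console.WriteLine($"Create:    {File.ReadAllText(path)} valid={IsValidJson(path)}");
        File.Delete(path);
    }
}
```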